[CERT-daily] Tageszusammenfassung - Mittwoch 30-12-2015

Daily end-of-shift report team at cert.at
Wed Dec 30 18:18:55 CET 2015


=======================
= End-of-Shift Report =
=======================

Timeframe:   Dienstag 29-12-2015 18:00 − Mittwoch 30-12-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Microsoft may have your encryption key; here's how to take it back ***
---------------------------------------------
It doesnt require you to buy a new copy of Windows.
---------------------------------------------
http://arstechnica.com/information-technology/2015/12/microsoft-may-have-your-encryption-key-heres-how-to-take-it-back/




*** Actor using Rig EK to deliver Qbot - update, (Wed, Dec 30th) ***
---------------------------------------------
Introduction This diary is a follow-up to my previous diary on the actor using Rig exploit kit (EK) to deliver Qbot [1]. For this diary, Ive infected more Windows hosts from other compromised websites, so we have additional data on this actor. As previously noted, this actor has been delivering Qbot (also known as Qakbot) malware. The actor uses a gate to route traffic from the compromised website to the EK landing page. In this case, the gate returns a variable that is translated to a URL for...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20551&rss




*** The Truth is in Your Logs! ***
---------------------------------------------
[The post The Truth is in Your Logs! has been first published on /dev/random]Keeping an eye on logs is boring... but mandatory! Hopefully, sometimes it can reveal funny stuffs! It looks like people at the CCC are having some fun too while their annual conference is ongoing... Here is what I got in my Apache logs this morning: 151.217.177.200 - - [30/Dec/2015:06:51:22 +0100] "DELETE your logs. \ Delete your installations. Wipe everything clean. Walk out into the...
---------------------------------------------
https://blog.rootshell.be/2015/12/30/the-truth-is-in-your-logs/




*** Killed by Proxy: Analyzing Client-end TLS Interception Software ***
---------------------------------------------
Topic: Killed by Proxy: Analyzing Client-end TLS Interception Software Risk: Medium Text:Abstract—To filter SSL/TLS-protected traffic, some antivirus and parental-control applications interpose a TLS proxy in the...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2015120310




*** 32C3: Automatisierte Sicherheitstests für das Internet der Dinge ***
---------------------------------------------
Ein französisch-deutsches Forscherteam hat eine Emulationsumgebung entwickelt, mit der sich dynamische Penetrationstests von Firmware vernetzter Elektronikgeräte maschinell durchführen lassen. Erste Ergebnisse sprechen für sich.
---------------------------------------------
http://heise.de/-3056880




*** Cloud Computing: Attacks Vectors and Counter Measures ***
---------------------------------------------
I can bet that some of you might have missed the news about Star Wars, but there will be hardly any who do not know what Cloud computing is, as this has been the buzz for last several years. In this article, we will learn about various types of attacks that are possible in a...
---------------------------------------------
http://resources.infosecinstitute.com/cloud-computing-attacks-vectors-and-counter-measures/




*** Chrome: Google-Entwickler zerpflückt Antiviren-Addon ***
---------------------------------------------
Eine Chrome-Erweiterung des Antiviren-Herstellers AVG habe so viele Sicherheitslücken gehabt, dass es auch Malware hätte sein können, schreibt ein Google-Entwickler. Die Fehler sind zwar behoben, das Addon könnte aber trotzdem aus dem Chrome-Store verbannt werden.
---------------------------------------------
http://www.golem.de/news/chrome-google-entwickler-zerpflueckt-antiviren-addon-1512-118258-rss.html




*** Misconfigured databases, a growing threat ***
---------------------------------------------
It has become commonplace to find misconfigured databases exposed to the public Internet. Last summer alone - 1,175 terabytes (approximately 1.1 petabytes) of data was left wide open for the amusement of inquiring minds and malicious hackers alike - ranging from SMBs to Fortune 500 companies.
---------------------------------------------
http://darkmatters.norsecorp.com/2015/12/29/misconfigured-databases-a-growing-threat/




*** Mobile malware review for 2015 ***
---------------------------------------------
December 30, 2015 The last year proved to be another challenging period for the smartphones and tablets owners. Cybercriminals continued to target users of Android devices - thus, the majority of "mobile" threats and unwanted software discovered in 2015 were intended for this platform. In particular, banking Trojans, Android ransomware, advertising modules, and SMS Trojans expanded their activity. Besides, this year witnessed a growing number of malware pre-installed into...
---------------------------------------------
http://news.drweb.com/show/?i=9779&lng=en&c=9




*** Using IDAPython to Make Your Life Easier: Part 1 ***
---------------------------------------------
As a malware reverse engineer, I often find myself using IDA Pro in my day-to-day activities. It should come as no surprise, seeing as IDA Pro is the industry standard (although alternatives such as radare2...
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/12/using-idapython-to-make-your-life-easier-part-1/




*** The weird and wacky of 2015: strange security and privacy stories ***
---------------------------------------------
These wacky stories remind us how important cybersecurity and online privacy have become in all areas of our lives.
---------------------------------------------
https://nakedsecurity.sophos.com/2015/12/29/the-weird-and-wacky-of-2015-strange-security-and-privacy-stories/




*** Steam blows as games websites security collapse ***
---------------------------------------------
Christmas hiccup on gaming platform exposed user information to others
---------------------------------------------
http://www.scmagazine.com/steam-blows-as-games-websites-security-collapse/article/462148/




*** 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 52.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/2755801




*** PHP Class Name Format String Flaw Lets Remote Users Execute Arbitrary C ode ***
---------------------------------------------
http://www.securitytracker.com/id/1034543




*** Security Advisory: Apache HTTPD vulnerability CVE-2010-2791 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23332326.html?ref=rss




*** Security Advisory: Apache vulnerability CVE-2011-3639 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/20/sol20979231.html?ref=rss




*** AVG Anti-Virus Flaws in Web TuneUp Chrome Extension Lets Remote Users Obtain Potentially Sensitive Information on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1034547




Next End-of-Shift Report on 2016-01-04.


More information about the Daily mailing list